a.) dsquery
Consider that for help on a specific command, type "dsquery
For example, dsquery ou /?
Description: This tool's commands suite allow you to query the directory
according to specified criteria. Each of the following dsquery commands finds
objects of a specific object type, with the exception of dsquery *, which can
query for any type of object:
dsquery computer - finds computers in the directory.
dsquery contact - finds contacts in the directory.
dsquery subnet - finds subnets in the directory.
dsquery group - finds groups in the directory.
dsquery ou - finds organizational units in the directory.
dsquery site - finds sites in the directory.
dsquery server - finds AD DCs/LDS instances in the directory.
dsquery user - finds users in the directory.
dsquery quota - finds quota specifications in the directory.
dsquery partition - finds partitions in the directory.
dsquery * - finds any object in the directory by using a generic LDAP query.
For help on a specific command, type "dsquery
For example, dsquery ou /?.
Remarks:
The dsquery commands help you find objects in the directory that match
a specified search criterion: the input to dsquery is a search criterion
and the output is a list of objects matching the search. To get the
properties of a specific object, use the dsget commands (dsget /?).
The results from a dsquery command can be piped as input to one of the other
directory service command-line tools, such as dsmod, dsget, dsrm or dsmove.
Commas that are not used as separators in distinguished names must be
escaped with the backslash ("\") character
(for example, "CN=Company\, Inc.,CN=Users,DC=microsoft,DC=com").
Backslashes used in distinguished names must be escaped with a backslash
(for example,
"CN=Sales\\ Latin America,OU=Distribution Lists,DC=microsoft,DC=com").
Examples:
To find all computers that have been inactive for the last four weeks and
remove them from the directory:
dsquery computer -inactive 4 | dsrm
To find all users in the organizational unit
"ou=Marketing,dc=microsoft,dc=com" and add them to the Marketing Staff group:
dsquery user ou=Marketing,dc=microsoft,dc=com | dsmod group
"cn=Marketing Staff,ou=Marketing,dc=microsoft,dc=com" -addmbr
To find all users with names starting with "John" and display his office
number:
dsquery user -name John* | dsget user -office
To display an arbitrary set of attributes of any given object in the
directory use the dsquery * command. For example, to display the
sAMAccountName, userPrincipalName and department attributes of the object
whose DN is ou=Test,dc=microsoft,dc=com:
dsquery * ou=Test,dc=microsoft,dc=com -scope base
-attr sAMAccountName userPrincipalName department
To read all attributes of the object whose DN is ou=Test,dc=microsoft,dc=com:
dsquery * ou=Test,dc=microsoft,dc=com -scope base -attr *
Directory Service command-line tools help:
dsadd /? - help for adding objects.
dsget /? - help for displaying objects.
dsmod /? - help for modifying objects.
dsmove /? - help for moving objects.
dsquery /? - help for finding objects matching search criteria.
dsrm /? - help for deleting objects.
b.) Meanwhile you could find LDAP connection string launching ADSI Edit snapin:
c.) Consider that
The full syntax is at http://www.faqs.org/rfcs/rfc2255.html